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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)K Responsive to communication(s) filed on 04 February 2005 . 
2a)D This action is FINAL. 2b)E3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^1 Claim(s) 1-20 is/are pending in the application. 

4a) Of the above claim(s) 1-3,14 and 15 is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) IEI Claim(s) 4-13 and 16-20 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) ^ Claim(s) 1-20 are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) 13 The drawing(s) filed on 16 January 2002 is/are: a)D accepted or b)E3 objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)Q Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 
2.Q Certified copies of the priority documents have been received in Application No. 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . The IDS of 1/16/2002 was received and considered. 

2. Claims 1-20 are pending. 



Election/Restrictions 

* 

3. Restriction to one of the following inventions is required under 35 U.S.C. 121 : 

I. Claims 1-3, drawn to a method of login authentication that employs a token with a 
seed value, classified in class 713, subclass 184. 

II. Claims 4-20, drawn to a method of authentication across multiple web sites, 
classified in class 713, subclass 168. 

4. The inventions are distinct, each from the other because Inventions I and II are related as 
subcombinations disclosed as usable together in a single combination. The subcombinations are 
distinct from each other if they are shown to be separately usable. In the instant case, invention 
II has separate utility such as authenticating to multiple web sites using different authentication 
mechanisms. See MPEP § 806.05(d). 

5. Only if the above Invention II is elected, this application will contain claims directed to 
the following patentably distinct species of the claimed invention: Group Il-a, claims 11-13 and 
Group Il-b, claims 14-15. Group Il-a is directed to a hardware-based token and Group Il-b is 
directed to a software-based token. 

Applicant is required under 35 U.S.C. 121 to elect a single disclosed species for 
prosecution on the merits to which the claims shall be restricted if no generic claim is finally 
held to be allowable. Currently, claims 4-9, 16-19 & 20 are generic. 
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Applicant is advised that a reply to this requirement must include an identification of the 
species that is elected consonant with this requirement, and a listing of all claims readable 
thereon, including any claims subsequently added. An argument that a claim is allowable or that 
all claims are generic is considered nonresponsive unless accompanied by an election. 

Upon the allowance of a generic claim, applicant will be entitled to consideration of 
claims to additional species which are written in dependent form or otherwise include all the 
limitations of an allowed generic claim as provided by 37 CFR 1.141. If claims are added after 
the election, applicant must indicate which are readable upon the elected species. MPEP § 
809.02(a). 

Should applicant traverse on the ground that the species are not patentably distinct, 
applicant should submit evidence or identify such evidence now of record showing the species to 
be obvious variants or clearly admit on the record that this is the case. In either instance, if the 
examiner finds one of the inventions unpatentable over the prior art, the evidence or admission 
may be used in a rejection under 35 U.S.C. 103(a) of the other invention. 

6. During a telephone conversation with Thomas Brennan on 8/29/2005 a provisional 
election was made without traverse to prosecute the invention of Group Il-b, claims 4-13 & 16- 
20. Affirmation of this election must be made by applicant in replying to this Office action. 
Claims 1-3 & 14-15 are withdrawn from further consideration by the examiner, 37 
CFR 1 .142(b), as being drawn to a non-elected invention. 



Drawings 
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7. New corrected drawings in compliance with 37 CFR 1.121(d) are required in this 
application because at least Fig. 1 is handwritten and difficult to read. Applicant is advised to 
employ the services of a competent patent draftsperson outside the Office, as the U.S. Patent and 
Trademark Office no longer prepares new drawings. The corrected drawings are required in 
reply to the Office action to avoid abandonment of the application. The requirement for corrected 
drawings will not be held in abeyance. 

Claim Rejections - 35 USC § 112 

8. The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

9. Claims 16-17 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply with 
the enablement requirement. The claim(s) contains subject matter which was not described in 
the specification in such a way as to enable one skilled in the art to which it pertains, or with 
which it is most nearly connected, to make and/or use the invention. The claims recite "complex 
code", however "complex" is not clearly defined in the specification so as to definitively 
differentiate a complex code from a simple code. 

10. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 
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1 1 . Claims 16-17 & 20 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Regarding claims 16-17, the claims recite "complex code", however "complex" is vague 
and indefinite. 

Regarding claim 20, the phrase "such as" renders the claim indefinite because it is unclear 
whether the limitations following the phrase are part of the claimed invention. See MPEP 
§ 2173.05(d). 

Claim Rejections - 35 USC §102 

12. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

13. Claims 4-12 & 18-20 are rejected under 35 U.S.C. 102(b) as being anticipated by "RSA 
Web Security Portfolio - How RSA SecurlD Agents Can Secure Your Website" by RSA 
Security, Inc. (RSA). 

Regarding claims 4-8 & 18-19, RSA discloses providing two separate user authentication 
methods (p. 2, \\\ enabling a user to communicate authentication data to both authentication 
methods to a first web site using the Internet (p. 2, §111, \2\ enabling the communication of at 
least some of the authentication data from the first web site to a second web site using the 
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Internet (p. 3, 1(4-6) and wherein both web sites are involved in user authentication using the 
authentication data (p. 3, 1(5-6). 

Regarding claim 9, RSA discloses employing a password/secret PIN (p. 2, 1(1). 

Regarding claims 10-12, RSA discloses employing a token/random number generator (p. 
2, HI & p. 3, §111, H5). 

Regarding claim 20, RSA discloses embedding the token in a device such as a cell phone 
(p. 2, §111, 1(5). 

Claim Rejections - 35 USC §103 

14. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

15. Claims 16-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over RSA, as 
applied to claim 4 above, in further view of Network Security Essentials Applications and 
Standards by S tailings. 

Regarding claims 16-17, RSA lacks explicitly that the authentication method employs a 
fixed complex code which comprises a public key infrastructure. However, RSA discloses that 
the authentication token is transmitted using SSL (p. 3, §111, 1[2). Further, Stallings teaches that 
SSL involves a key exchange, for instance RSA key exchange, where a secret key is encrypted 
with the receivers RSA public key (p. 214). Therefore, it would have been obvious to one 
having ordinary skill in the art at the time the invention was made to explicitly employ a fixed 
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complex code which comprises a public key infrastructure. One of ordinary skill in the art 
would have been motivated to perform such a modification to utilize an RSA public key to 
exchange keys, as taught by Stallings (p. 214). 

16. Claim 13 is rejected under 35 U.S.C. 103(a) as being unpatentable over RSA, as applied 
to claim 1 1 above, in further view of U.S. Patent Application Publication 2001/0045451 to Tan 
et al. (Tan) in further view of "eToken: The Key to Security for the Internet Age" by Aladdin. 
RSA lacks explicitly a USB-based token being accessed by a browser. However, Tan teaches 
that to allow access to a web site using a smart card, the browser can read necessary access 
information directly from the smart card and pass the information to the server to which the user 
is authenticating fl|6-l 1). Therefore, it would have been obvious to one having ordinary skill in 

■ 

the art at the time the invention was made to modify the RSA security token to communicate 
electronically with the web browser. One of ordinary skill in the art would have been motivated 
to perform such a modification to pass the generated code to the server for use in authentication, 
as taught by Tan fl[6-l 1). Further, Aladdin teaches that using USB tokens for authentication 
allows the user to take advantage of the USB ports included in millions of PCs (p. 1). Therefore, 
it would have been obvious to one having ordinary skill in the art at the time the invention was 
made to modify RSA to include the SecurlD token in a USB-based device. One of ordinary skill 
in the art would have been motivated to perform such a modification to take advantage of 
millions of USB-ready PCs for authentication, as taught by Aladdin (p. 1). 



Conclusion 



• t 
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17. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael J. Simitoski whose telephone number is (571) 272-3841. 
The examiner can normally be reached on Monday - Thursday, 6:45 a.m. -4:15 p.m.. The 
examiner can also be reached on alternate Fridays from 6:45 a.m. - 3:15 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

supervisor, Gregory Morse can be reached at (571) 272-3838. 

Any response to this action should be mailed to: 

Commissioner for Patents 
P.O.Box 1450 
Alexandria, VA 22313-1450 
Or faxed to: 

(571)273-8300 

(for formal communications intended for entry) 

Or: 

(571) 273-3841 (Examiner's fax, for informal or draft communications, please 
label "PROPOSED" or "DRAFT") 

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (571) 272-2100. 

Information regarding the status of an application may be obtained from the Patent 

Application Information Retrieval (PAIR) system. Status information for published applications 

may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

applications is available through Private PAIR only. For more information about the PAIR 

system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 



system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 





MJS < DF rifov WORSE 

August 30, 2005 GRfcW \ , 



